---
title: "TLP Amber Reports"
slug: "tlp-amber-reports"
description: "How to access TLP Amber reports and how to understand TLP Amber reports"
tags: ["Cyber Security", "Threat Intelligence", "Threat intelligence management", "TLP Amber reports"]
updated: 2026-06-09T03:07:54Z
published: 2026-06-09T03:07:54Z
canonical: "help.silentpush.com/tlp-amber-reports"
---


# TLP Amber Reports

Traffic Light Protocol (TLP) Amber reports are comprehensive intelligence reports created by Silent Push that provide a detailed breakdown of how to detect, counter, and monitor the activities of specific threat actors and campaigns.

TLP Amber Reports provide actionable insights from curated threat intelligence, enabling security teams to proactively address sophisticated cyber threats. Unlike public intelligence, they offer in-depth analysis of threat actor tactics, techniques, and procedures (TTPs), along with tailored mitigation recommendations. With Silent Push’s enterprise platform, these reports integrate seamlessly with your security stack to boost threat detection and response.

## Access TLP Amber Reports

1. From the left navigation menu, select **Defend > TLP Amber Reports**.
2. Use the options at the top to:
   1. Search reports
   2. Filter by Feed
   3. Filter by Tags

The reports provide more platform-specific context than our [public research blogs](https://www.silentpush.com/resources/blog/) and allow us to share intelligence and threat-hunting techniques deemed too sensitive for the public sphere, where threat actors may have access.

### TLP Amber Reports are now available via API

You can now access the title, description, and tags of TLP Amber Reports programmatically through the Silent Push API. This allows you to ingest report metadata directly into your Threat Intelligence Platform (TIP), SIEM, SOAR, or internal tools.

The full report content remains restricted (a login is required on the platform to view the complete sensitive details), but the API makes it easy to discover and reference new reports at scale.

![Overview of TLP Amber Reports with various cybersecurity alerts and related feeds.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2025-09-26 at 10.44.39 AM.png)

